4conform Wiktionary

Data subject request

Our Wiktionary is growing into a user-friendly online dictionary specifically designed to provide comprehensive and precise definitions of terms related to ISO standardization, information security, data protection and cybersecurity.

A data subject request, also known as a request for information or data subject rights request, refers to the right of a natural person to obtain information about the processing of their personal data. This right is enshrined in Article 15 of the General Data Protection Regulation (GDPR).

Contents of the information provided:

  • Confirmation of processing: The controller must confirm whether the data subject’s personal data is being processed.
  • Categories of data processed: Information about the types of personal data that is processed (e.g. name, address, e-mail address).
  • Purposes of processing: The purposes for which the personal data are processed.
  • Recipients or categories of recipients: Information about to whom the personal data is or has been disclosed (e.g. internal departments, external service providers, authorities).
  • Storage periods: The intended periods for which personal data is kept or, if this is not possible, the criteria used to determine these periods.
  • Rights of the data subject: Information on the rights of the data subject, such as the right to rectification, erasure, restriction of processing and objection, as well as the right to lodge a complaint with a supervisory authority.
  • Origin of the data: If the personal data was not collected from the data subject, the controller must provide all available information about the origin of the data.
  • Automated decision making: Information about whether the personal data is used for automated decision making, including profiling, and if so, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.